Effective Date: February 5, 2026
StudyLess ("Company", "we", "us", or "our") is committed to protecting the personal information and rights of users in accordance with the Personal Information Protection Act of the Republic of Korea and other applicable laws. This Privacy Policy explains how we collect, use, store, and protect your personal information, and how you can exercise your rights.
Article 1 (Purposes of Processing Personal Information)
We process personal information for the following purposes. We do not use personal information for purposes other than those set out below. If the purposes of use change, we will obtain separate consent or take other legally required measures.
- Membership registration and management
- To confirm the user's intention to sign up
- To provide member-only services
- To verify identity
- Provision of services
- AI-based flashcard generation (text extraction and conversion from images/PDFs)
- Providing spaced repetition learning schedules based on the FSRS algorithm
- Tracking personalized learning progress and optimizing review schedules
- Managing study schedules for exam preparation
- Service improvement
- Analyzing service usage statistics
- Diagnosing errors
- Improving service quality
Article 2 (Items of Personal Information Processed)
We process the following categories of personal information:
| Category | Items Collected | Method of Collection |
|---|---|---|
| Membership registration (Required) | Email address, password (for direct sign-up), OAuth identifiers (Apple/Google login) | Direct input in the app, OAuth integration |
| Service use (Required) | Uploaded images/PDFs, generated flashcard data, learning records (review accuracy, response time), learning progress, exam date settings | Direct upload in the app, automatic collection |
| Automatically collected information | Device information (OS, device model), app usage records, error logs, IP address, access time | Automatic collection |
Notice: Please ensure that your uploaded study materials (images/PDFs) do not contain highly sensitive personal information such as resident registration numbers, passport numbers, driver's license numbers, bank account numbers, or credit card numbers. We do not intend to collect such sensitive information, and if it is discovered, we will delete it without delay.
Article 3 (Restrictions on Use by Children Under 14 Years of Age)
We do not allow children under the age of 14 to create accounts or use our services as members. If we become aware that a user is under 14, we will promptly delete the account.
Article 4 (Retention and Use Period of Personal Information)
We retain and use personal information within the period specified by law or within the period consented to by the data subject at the time of collection.
Specific retention periods are as follows:
| Information | Retention Period | Legal Basis |
|---|---|---|
| Member information | Until account deletion | Consent of the data subject |
| Learning records / flashcards | Until account deletion | Consent of the data subject |
| Service usage records | 3 months | Protection of Communications Secrets Act (Korea) |
Article 5 (Procedures and Methods of Destruction of Personal Information)
We will destroy personal information without delay when the retention period has expired, the processing purpose has been fulfilled, or the user deletes their account or otherwise no longer requires the service.
Upon a user's request to delete their account, we will irreversibly destroy the personal information without delay so that it cannot be restored.
Destruction methods:
- Electronic files: Secure deletion so that records cannot be recovered
- Paper documents: Shredding or incineration
Article 6 (Provision of Personal Information to Third Parties)
We process personal information only within the scope specified in Article 1 (Purposes of Processing Personal Information). We will provide personal information to third parties only when we obtain the user's consent or when we are required or permitted to do so by law (including Article 17 of the Personal Information Protection Act).
Article 7 (Outsourcing of Personal Information Processing)
We outsource certain personal information processing activities as follows:
| Service Provider | Outsourced Task | Retention Period |
|---|---|---|
| Supabase Inc. | Cloud data storage, user authentication | Until the end of the outsourcing contract |
| Google LLC | AI-based flashcard generation (Gemini API) | Up to 30 days after processing completion |
| Mixpanel Inc. | Service usage analytics | Until the end of the outsourcing contract |
| Functional Software Inc. (Sentry) | Error diagnostics and service quality improvement | 90 days |
Article 8 (Overseas Transfer of Personal Information)
We transfer personal information overseas as follows:
Supabase Inc. (United States)
- Items transferred: Email address, learning records, flashcard data, uploaded images/PDFs
- Purpose: Cloud data storage and backend service provision
- Destination country: United States
- Method: Encrypted transmission via TLS when using the service
- Retention period: Until account deletion
- Contact: support@supabase.com
Google LLC (United States)
- Items transferred: Uploaded image/PDF content (study materials subject to text extraction)
- Purpose: AI-based flashcard generation (text extraction and content generation via Google Gemini API)
- Destination country: United States
- Method: Encrypted transmission via HTTPS for API calls
- Retention period: Up to 30 days after processing (limited retention for abuse prevention and quality improvement, then automatic deletion)
- Data usage limitation: Google does not use data sent via the Gemini API to train its models.
- Contact: https://policies.google.com/privacy
Mixpanel Inc. (United States)
- Items transferred: Service usage records, device information (non-identifiable, anonymized usage patterns)
- Purpose: Usage analytics and user experience improvement
- Destination country: United States
- Method: Encrypted transmission via HTTPS
- Retention period: 2 years after analysis
- Contact: privacy@mixpanel.com
Functional Software Inc. (Sentry, United States)
- Items transferred: Error logs, device information, app performance data
- Purpose: Error diagnostics and service quality improvement
- Destination country: United States
- Method: Encrypted transmission via HTTPS
- Retention period: 90 days
- Contact: privacy@sentry.io
Note: If you do not consent to overseas transfer of personal information, you may not be able to use the service.
Article 9 (Measures to Ensure the Safety of Personal Information)
We take the following measures to ensure the safety of personal information:
- Administrative measures: Establishment and implementation of internal management plans, regular training for staff
- Technical measures:
- Encryption of personal information (TLS in transit, AES-256 at rest)
- Access control systems
- Installation and regular updating of security programs
- Physical measures: Access control to cloud servers and related facilities
Article 10 (Notice on AI Services and Personalized Learning Algorithm)
1. AI-based Flashcard Generation
We use the Google Gemini API to extract text from images and PDFs that you upload and to generate learning flashcards automatically.
Important notices about AI-generated content:
- We do not guarantee the accuracy, completeness, or reliability of AI-generated flashcards.
- AI-generated information is provided for reference only and does not constitute educational or professional advice.
- For important exam preparation, you should always verify AI-generated content against original textbooks or trusted materials.
- An internet connection is required for AI flashcard generation. Offline, you can only review flashcards that have already been created.
2. Personalized Learning Scheduling (FSRS Algorithm)
We use the FSRS (Free Spaced Repetition Scheduler) algorithm to analyze your learning patterns and automatically generate personalized review schedules.
How the algorithm works:
- Records your responses to each flashcard (Again / Hard / Good / Easy)
- Tracks the memory strength of each card
- Calculates the optimal review time based on your learning patterns
- Adjusts the schedule to target at least 90% retention on your specified exam date
Article 11 (Rights and Obligations of Data Subjects and Methods of Exercise)
You may exercise the following rights with respect to your personal information at any time:
- Request access to your personal information
- Request correction of errors or inaccuracies
- Request deletion
- Request suspension of processing
You may exercise these rights through the in-app settings menu or by contacting us in writing or via email. We will handle your request without undue delay in accordance with applicable law.
Article 12 (Personal Information Protection Officer)
We have designated a Personal Information Protection Officer to oversee personal information processing and handle complaints and requests for relief.
Personal Information Protection Officer
- Name: [Name]
- Position: [Title]
- Contact: [Email], [Phone Number]
(Please replace with your actual details.)
Article 13 (Remedies for Rights Infringement)
If you need to report or consult about personal information infringement, you may contact the following organizations:
- Personal Information Dispute Mediation Committee: 1833-6972 (www.kopico.go.kr)
- Personal Information Infringement Report Center: 118 (privacy.kisa.or.kr)
- Supreme Prosecutors' Office Cyber Crime Investigation Department: 1301 (www.spo.go.kr)
- National Police Agency Cyber Bureau: 182 (ecrm.cyber.go.kr)
Article 14 (Changes to this Privacy Policy)
This Privacy Policy is effective as of February 5, 2026.
If we add, delete, or modify its contents, we will notify users via in-app notices at least 7 days prior to the effective date. For material changes affecting users' rights, we will provide notice at least 30 days in advance and obtain separate consent where required.